kirb
Post-EOL XP updates missing from Legacy Update
Microsoft issued post-EOL updates to combat two especially dangerous exploits in XP, but these were not added to Windows Update and required manual installation.
The updates are:
If possible, it'd be great to have these added into the normal Windows Update flow. If not, at least they could be placed on the "Commonly Downloaded" section of the Download Center so they aren't overlooked by visitors.
Actually, there are at least 11 "extra" updates that have been released for Windows XP after the end-of-life on 8 April 2014. Most of them were released on 13 June 2017, but the second one that you have mentioned was released on 14 May 2019.
-
https://support.microsoft.com/en-gb/topic/microsoft-security-advisory-4025685-guidance-related-to-june-2016-security-update-release-june-13-2017-031e5373-d12b-89f5-df66-83d59d2ddd72 (specific for Windows XP: https://support.microsoft.com/en-gb/topic/microsoft-security-advisory-4025685-guidance-for-older-platforms-june-13-2017-05151e8a-bd7f-f769-43df-38d2c24f96cd)
-
https://support.microsoft.com/en-gb/topic/customer-guidance-for-cve-2019-0708-remote-desktop-services-remote-code-execution-vulnerability-may-14-2019-0624e35b-5f5d-6da7-632c-27066a79262e (specific for Windows XP: https://support.microsoft.com/en-gb/kb/4500331)
As you may know, the 2017 extra updates will be installed automatically (along with approximately 140 other updates released between May 2014 and April 2019) on Windows XP (SP3) if you enable the "POSReady 2009" unofficial register change which makes the update service believe that your Windows XP machine is a cash register version of Windows XP (which is named "Windows Embedded POSReady 2009"). Please note that this change of the registry is NOT recommended officially since these updates are not created for the "normal" version of Windows XP. However, these two versions of Windows XP are almost the same, so there is a good chance that the POSReady updates will work as well in the normal Windows XP as if they actually were made for the normal Windows XP.
I don't know whether the automatic updates function will include the May 2019 extra update (while enabling the POSReady trick) since I always install the normal Windows XP updates before (sometimes) enabling the POSReady updates.
To sum up, you should definitely download and install the 11 mentioned updates from the links above (of which you already know two).
Please note that this change of the registry is NOT recommended officially since these updates are not created for the "normal" version of Windows XP.
I know that Legacy Update doesn't require to manually install a registry files editor but I wonder what method is being used because they both seem to work equally well
Windows Registry Editor Version 5.00
;Windows XP Embedded SP3 (Support ended 12/01/2016) ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion] "FeaturePackVersion"="SP3"
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion] "ProductVersion"="0x00000000"
;Windows Embedded for point of Service (Support ended 12/04/2016)
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS] "Installed"=dword:00000000
;Windows Embedded Standard 2009 (Support ends 08/01/2019)
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES] "Installed"=dword:00000000
;Windows Embedded PosReady 2009 (Support ends 12/04/2019)
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001
I always install the normal Windows XP updates before (sometimes) enabling the POSReady updates.
this is the reason that got me opening this issue https://github.com/kirb/LegacyUpdate/issues/195 because I'm not sure what's the best method to update XP
if I only enable the Legacy update checkbox I get 141 updates listed + Live Essentials / Security Essentials
if I enable Legacy update and Embedded 2009 checkboxes I get 137 updates listed + Live Essentials / Security Essentials + 111 embedded updates
so 4 normal updates are gone or probably replaced by the embedded ones.
111 is a variable number which will change according to the other installed updates but I have yet to perform more tests to see whether the end result is the same or some updates were lost along the way
I know that Legacy Update doesn't require to manually install a registry files editor but I wonder what method is being used because they both seem to work equally well
I'm sorry, but I'm not really sure about what you're wondering. However, I'm trying to give an answer as well.
A registry files editor is not necessary for LegacyUpdate to work, that is correct.
I don't (technically) know the method that LegacyUpdate is using, but you can see the technical information on this LegacyUpdate GitHub website.
If those registry entries you are mentioning (not in my quote, though) are present in your "normal" Windows XP, this seems to mean that the embedded versions of Windows XP (except POSReady) are not installed or present (which is correct if you are using a "normal" Windows XP with "POSReady" activated or if you, really, are using Windows Embedded POSReady 2009, which can be downloaded officially on this Microsoft website: https://www.microsoft.com/en-gb/download/details.aspx?id=11196).
If you change the registry value in the DWORD "Installed" in [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS] or [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES] or [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] from 0 to 1, this means that Windows Update or Microsoft Update (nowadays through LegacyUpdate) starts believing that your Windows XP is any of these embedded Windows XP versions. Which one is the appropriate to choose (to get more updates for "normal" Windows XP)? Well, the POSReady version is the one that has the newest updates, as shown in your own comment, and probably the one that is corresponding best to "normal" Windows XP, as to be seen in the Microsoft Update Catalog (https://www.catalog.update.microsoft.com) when compairing the size of the updates for the different versions of Windows XP shown in the catalogue when searching for, for example, "3197835".
I always install the normal Windows XP updates before (sometimes) enabling the POSReady updates.
this is the reason that got me opening this issue #195 because I'm not sure what's the best method to update XP
I would highly recommend installing the official Windows XP updates before installing any unofficial updates, including enabling and installing POSReady updates on a "normal" Windows XP, especially since KB2686509 actually has a POSReady (or Embedded) version that differs from the normal Windows XP version and Windows Update or Microsoft Update (nowadays through LegacyUpdate) will try to install the POSReady version on the normal Windows XP if "POSReady" updates are "enabled" on normal Windows XP. See also #164.
There is, at least, one more example of differing updates: by compairing this website with this one, we see that the update KB3011780 is not to be used on "normal" Windows XP. The obvious question, the answer to which I don't know, is whether the POSReady updates that have replaced KB3011780 (se the update catalogue as shown below) should be installed on "normal" Windows XP.
if I only enable the Legacy update checkbox I get 141 updates listed + Live Essentials / Security Essentials
Please note that Windows Live Essentials (which can be downloaded in your own language here) and Microsoft Security Essentials are not the same.
if I enable Legacy update and Embedded 2009 checkboxes I get 137 updates listed + Live Essentials / Security Essentials + 111 embedded updates
so 4 normal updates are gone or probably replaced by the embedded ones.
They are probably replaced by newer ones (which, naturally, are named "Embedded" since "normal" Windows XP didn't get updates anymore). But to be sure, I would advice you to install all the "normal" Windows XP updates before enabling "POSReady".
You can search for the unique number of the update (the KB number) in the Microsoft Update Catalog (https://www.catalog.update.microsoft.com) and then click on the name of the update (for the appropriate Windows version (-s)). Afterwards, in the pop-up window, you click the third column, "Package Details", and there you have information about replacing updates!
111 is a variable number which will change according to the other installed updates but I have yet to perform more tests to see whether the end result is the same or some updates were lost along the way
Well, let's see if there are any interesting results!
I have noticed, after enabling "POSReady" and when installing all the "POSReady" updates the first time the feature "Automatic updates" finds them, that there are errors with some updates. Having restarted the (virtual) computer, as prompted, I search for updates again, and then there are no more updates! (Except one update, KB4486463, that always returns for installation. I circumvent this by disabling "POSReady", which I do by denying "SYSTEM" reading access to the POSReady registry key using the built-in "regedit.exe".)
Update of this comment: spelling error corrected.
Legacy Update uses the POSReady Installed key, and there isn’t a need to use the other keys for what I’ve seen. Embedded Standard/POSReady 2009 is pretty much XP SP3 with a handful of features removed when installed “normally” with all components enabled (it’s possible to build a custom image with components removed), so that’s why the updates work on regular XP SP3, with the odd exception of KB2686509. In addition the majority if not all XP Embedded/WEPOS (original 2001 version) SP3 updates are identical to 2009 updates, I don’t know which ones/how many differ though. I have a feeling the post-EOL updates were simply never released through WU, and may have only been made available through WSUS.
As for how updates can differ between the two, I would want to see a diff of the actual patch payloads to be sure they even can differ at all. It’s not something I’ve really looked into, aside from identifying that the update installers for WES/POSReady seem to only differ by checking for presence of either the WES or POSReady Installed key, aborting with a “wrong OS” error if not present.
[…] that’s why the updates work on regular XP SP3, with the odd exception of KB2686509. [...]
The download link on the FAQ page does only contain the English version, but, as you know, I believe, Windows XP is language dependent, meaning that each language version of Windows XP has its own updates (presumably containing the same content). Therefore, I would kindly suggest that you put a link to the Microsoft Update Catalog (https://www.catalog.update.microsoft.com/Search.aspx?q=2686509) on the FAQ page so people can easily retrieve their own localized version of the update (since the catalogue and its updates are shown in the same language as the browser/computer uses (which means the English version of the updates on multilanguage versions of Windows XP)).
When speaking about the FAQ page, may I please draw your attention to the description of Windows Live Essentials on the FAQ page? The last version for Windows XP is the 2009 version, not the 2012 version as you have written on the FAQ page. In the same way, the last version for Windows Vista is the 2011 version. All of them, I believe, can be downloaded here, as I have mentioned before, but you may need some editing of the download URL's to get them working.
In addition, I wonder about the mentioned x64 definition update on the FAQ page. As for now, it's a "mpas-fe.exe" file. But according to this Microsoft web site, it should be "mpam-feX64.exe" for Microsoft Security Essentials and "mpas-fe.exe" for Windows Defender. Maybe it doesn't matter in practice?
[…] I have a feeling the post-EOL updates were simply never released through WU, and may have only been made available through WSUS.
I can't confirm that, since I haven't used the POSReady "trick" before August 2020, when the original Microsoft Update connection (SHA-1) was closed, but I can tell you that the post-EOL updates are shown in both "Automatic Updates" and on the LegacyUpdate website on "normal" Windows XP with "POSReady" enabled.
As for how updates can differ between the two, I would want to see a diff of the actual patch payloads to be sure they even can differ at all. It’s not something I’ve really looked into, aside from identifying that the update installers for WES/POSReady seem to only differ by checking for presence of either the WES or POSReady Installed key, aborting with a “wrong OS” error if not present.
It might be interesting, but I don't have the necessary knowledge for doing this.
In addition, I wonder about the mentioned x64 definition update on the FAQ page. As for now, it's a "mpas-fe.exe" file. But according to this Microsoft web site, it should be "mpam-feX64.exe" for Microsoft Security Essentials and "mpas-fe.exe" for Windows Defender. Maybe it doesn't matter in practice?
After evaluating the Wayback Machine, I have noticed that even the 64 bit version (x64) of the definition update for Microsoft Security Essentials is named "mpam-fe.exe" but stored in a link that differs from the 32 bit version (x86). (Se this link and this link.)
But I don't know if those links work on 64 bit Windows XP and/or 64 bit Windows Vista. I believe that you have evaluated this more than me before publishing the information on the FAQ page!
Please note that Windows Live Essentials (which can be downloaded in your own language here) and Microsoft Security Essentials are not the same.
I am aware it's not the same thing and both are absolote anyhow
I once got infected and MSE was unable to remove the malware from my computer and years later M$ recognized it was a bad AV that should be used as a complement of a good mainstream AV. Avast is the best one to me that served me well over the years but I don't use any of them in real-time.
regarding WLE it fails to install because M$ servers have been shut off
note, when using the alternate updating method https://github.com/kirb/LegacyUpdate/issues/195#issuecomment-1799382769 these two updates are not brought up to the list
MSE is decently competent, but definitely not as much as the later Windows 10/11 version of Defender is. Machine learning-based detections have made a massive difference, the malware world changes too quickly for old-style signatures to be as effective any more, and it seems Microsoft is leading the way on that. Of course, an AV can't possibly catch absolutely everything, but they're getting a lot closer than they were before.
@AntonFromSweden Thanks for the reminder that I was supposed to add other languages there, I added a link to the catalog now.
I was pretty sure WLE 2012 was the final version for all of XP - 7, but seems like I might be mistaken. Super quick research tells me you could still run WLE 2012 Mail, Messenger, Writer, and Photo Gallery on XP. At any rate I'll add a link to the offline download page because that pretty much solves the problem.
And to be honest, I'm not certain on the 64-bit side of MSE definitions. I'll test this on XP x64.
Ok, MSE x64 isn't offered as an optional installation on XP x64 as it is on x86, it needs to be downloaded from https://web.archive.org/web/20140329145947/http://www.microsoft.com/en-us/download/details.aspx?id=5201, specifically https://web.archive.org/web/20140329150023id_/http://download.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/ENUS/amd64/MSEInstall.exe. Unfortunately the version currently on the live Microsoft download site, and the LU download center archive, doesn't support XP. I'll need to see if I can come up with a way to go back in time on the download center at some point.
Anyway, I was able to figure out that 1.265.826.0 from April 2018 was the last version to work on XP x64. Added that to the site now, and I've also rearranged it to correct the difference between the MSE and Defender updates. I do need to check how far the Vista MSE/Defender updates go, they should either reach as far as Jan 2020 when Server 2008/R2 ESU updates ended, or even quite a bit later, since I've heard some users confirm they're still getting MSE/Defender updates. (Possible that was only on 7 though, also possible that it stopped last month when Server 2012/R2 ESU ended.)
I also added the WLE download. Thanks for posting that link, @AntonFromSweden! A slightly earlier snapshot from 2014 was required because they deleted the WLE 2009/2011 downloads in early 2015, seemingly despite the page still linking to them for a while longer.
Ok, MSE x64 isn't offered as an optional installation on XP x64 as it is on x86,
who elaborated the Legacy Update list of updates ? as I mentioned on another post https://github.com/kirb/LegacyUpdate/issues/195#issuecomment-1791062463 M$ Silverlight KB2977218 or IE7 KB940767 are offered with alternate updating methods however there's no sign of WLE or MSE.
The updates list is what the official Microsoft Windows Update servers provide, Legacy Update currently is just proxying your connection to Microsoft so it’s accessible by XP again. In future I want to replace it with my own implementation of the update server, where I would want to inject some extra updates including MSE for XP x64, but as of yet we don’t really have much ability to modify output due to the way the WU protocol works.
Please note that Windows Live Essentials (which can be downloaded in your own language here) and Microsoft Security Essentials are not the same.
regarding WLE it fails to install because M$ servers have been shut off
Yes, I know, but the download link provided above contains offline installers, meaning that there is no need to connect to the Microsoft servers (originally after having downloaded the appropriate offline installer).
@AntonFromSweden Thanks for the reminder that I was supposed to add other languages there, I added a link to the catalog now.
You're welcome!
And to be honest, I'm not certain on the 64-bit side of MSE definitions. I'll test this on XP x64.
Anyway, I was able to figure out that 1.265.826.0 from April 2018 was the last version to work on XP x64. Added that to the site now, and I've also rearranged it to correct the difference between the MSE and Defender updates. I do need to check how far the Vista MSE/Defender updates go […]
I also added the WLE download.
Excellent!
Thanks for posting that link, @AntonFromSweden! A slightly earlier snapshot from 2014 was required because they deleted the WLE 2009/2011 downloads in early 2015, seemingly despite the page still linking to them for a while longer.
You're welcome! However, I'm still facing the little (and annoying) problem with the download links. For example, when talking about the English version for Windows XP: hovering with the computer mouse over "English", it says "https://web.archive.org/web/20141213221931/http://g.live.com/1rewlive3/en/wlsetup-all.exe" which will lead you to the installer. But when you click the link, or copy it by right-clicking with the mouse, it immediately says "https://web.archive.org/web/20141213221931/http://g.live.com/1rewlive3/en/wlsetup-all.exe??WLXID=ca0368e1-c421-42cb-b059-467ebc69bb79&RID=001b013e81c&TID=1418509173757&lid=". This long version has not been saved in the Wayback Machine.
I do know how to circumvent this (by deleting all the redundant characters following ".exe" in the URL), but maybe there are some people not knowing this, hence believing that "their" language has not been preserved in the Wayback Machine? Maybe this circumstance warrants a short description on the FAQ page of the need of changing the URL manually?
Interestingly, those redundant characters don't appear when looking in the source of the download website (Ctrl+U).
Actually, there are at least 11 "extra" updates that have been released for Windows XP after the end-of-life on 8 April 2014.
Recently, I have noticed that there are at least 12 "extra" updates for "normal" Windows XP. The twelfth is the oldest, and thus it should be the first.
I'm talking about KB2964358, released on 1 May 2014, for Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8.
If you have Internet Explorer 8, probably KB2964358 has been superseded by KB4018271, which is also a post-EOL update for "normal" Windows XP, as seen on the Microsoft website.
The updates list is what the official Microsoft Windows Update servers provide, Legacy Update currently is just proxying your connection to Microsoft so it’s accessible by XP again. In future I want to replace it with my own implementation of the update server, where I would want to inject some extra updates including MSE for XP x64, but as of yet we don’t really have much ability to modify output due to the way the WU protocol works.
@kirb While waiting for your own implementation (to be honest, I have mixed feelings about that, since the distance towards "official" Microsoft increases, but of course there will be many advantages, such as "MSE for XP x64" or, for example, KB976002 (Windows XP 32-bit MUI for the European Union) and retaining the update service from going down (more than now) if Microsoft shuts it down in the future!), maybe these "extra" updates for "normal" versions of Microsoft Windows, and some more, such as KB2964358 and KB4500331, should be mentioned on the Legacy Update FAQ page or even somewhere on http://legacyupdate.net/windowsupdate/v6?
In the same manner, here do we have a whole bunch of post-EOL updates for Windows 2000, maybe all of them!
Here is a time zone update (KB4501226) for Windows XP with the POSReady registry trick activated, released in June 2019, but according to KB4507704 (released in July 2019), whose .exe files I haven't found, we should not install KB4501226 since we can't install KB4507704 that fixes a problem with KB4501226.
[…] I'm still facing the little (and annoying) problem with the [offline] download links [for Windows Live Essentials]. For example, when talking about the English version for Windows XP: hovering with the computer mouse over "English", it says "https://web.archive.org/web/20141213221931/http://g.live.com/1rewlive3/en/wlsetup-all.exe" which will lead you to the installer. But when you click the link, or copy it by right-clicking with the mouse, it immediately says "https://web.archive.org/web/20141213221931/http://g.live.com/1rewlive3/en/wlsetup-all.exe??WLXID=ca0368e1-c421-42cb-b059-467ebc69bb79&RID=001b013e81c&TID=1418509173757&lid=". This long version has not been saved in the Wayback Machine.
Now I have noticed that this behaviour is only seen in modern browsers on modern Windows versions. It is not seen in Internet Explorer on Windows XP.
another missing update or weird thing ? ((Embedded updates checkbox still disabled here)) I only installed the main series of recommended updates, I left out the optional updates and NET framework's.... for the next round. I then restart the computer and notice that Windows Update brought out this update KB955759 Legacy Update or WU MiniTool don't display it however they display the KB2492386 which is the direct replacement. how is this possible ?
another missing update or weird thing ? ((Embedded updates checkbox still disabled here)) I only installed the main series of recommended updates, I left out the optional updates and NET framework's.... for the next round. I then restart the computer and notice that Windows Update brought out this update KB955759 Legacy Update or WU MiniTool don't display it however they display the KB2492386 which is the direct replacement. how is this possible ?
Do you mean that KB955759 suddenly starts to appear, despite the fact that is has been (or should have been) superseded by KB2492386?
As you know, as stated in #195, when there is a newer update containing the same fixes as an old update, the old one will, usually, be invisible in the list of available updates in favour of the newer one.
But, as we have noticed, also in #195, the technology which offers us the updates is not perfect.
Do you mean that KB955759 suddenly starts to appear, despite the fact that is has been (or should have been) superseded by KB2492386?
Yes, but only Windows Update shows it off. I thought it should display the same updates as Legacy Update
As you know, as stated in #195, when there is a newer update containing the same fixes as an old update, the old one will, usually, be invisible in the list of available updates in favour of the newer one.
Legacy Update is not perfect, as some updates should not be displayed or should not fail to install.
as I have mentioned on the other topic the KB928416 (NET 3.0 language pack) fails to install however the KB829019 (NET 2.0 language pack) doesn't
when selecting and installing the KB951847 (NET 3.5 language pack) the two other will dissapear from the list
But, as we have noticed, also in #195, the technology which offers us the updates is not perfect.
so long as we understand why it's not being perfect it's fine to me
I enabled Embedded updates from the beginning but didn't install any of the listed updates till the end to figure out if the end result is the same
I have noticed that the KB2686509 is replaced by the embedded version one which fails to install.
it's in fact the same update that fixes the Security Essentials update bug because the MPAM-FE file is not enough https://legacyupdate.net/faq/issues
when Embedded checkbox is enabled 4 high priority updates get superseded, and 1 NET 4.0 update as well.
all other POSReady updates for NET framework's are not a direct replacement
Visual C++ and Office 2003 don't have any POSReady update available
aside from these minor issues, the result seems to be perfect so I won't recommend enabling Embedded updates from the get go
as I have mentioned on the other topic the KB928416 (NET 3.0 language pack) fails to install however the KB829019 (NET 2.0 language pack) doesn't
when selecting and installing the KB951847 (NET 3.5 language pack) the two other will dissapear from the list
Oh, really? To me, KB928416 (.NET Framework 3.0 Swedish and Spanish language packs on a Swedish version of Windows XP and a Spanish version of Windows XP, separately) remains available and fails to install (after having installed .NET Framework 3.5 by using KB951847 or the standalone installer) whatever I do. But, of course, I can manually hide it.
I have noticed that the KB2686509 is replaced by the embedded version one which fails to install.
Yes, that issue has been mentioned before in #195, in other threads on this Legacy Update GitHub community and on the Legacy Update FAQ page.
it's in fact the same update that fixes the Security Essentials update bug because the MPAM-FE file is not enough https://legacyupdate.net/faq/issues
I didn't know that KB2686509 fixes a Microsoft Security Essentials bug.
Visual C++ and Office 2003 don't have any POSReady update available
That seems to be true, but the Microsoft Office Compatibility Pack, which makes Office 2000, Office XP and Office 2003 able to read modern Word, Excel and PowerPoint documents (.docx .xlsx and .pptx file formats), does have some POSReady updates. Or at least you have to enable the "POSReady" trick to get these updates. Please note that you have to install all the Office 2000/XP/2003 updates before you install the compatibility pack.
(I've heard that Microsoft Office is not intended for being installed or used on Windows Embedded, so why are there some extra updates available only for Office Compatibility Pack on Windows Embedded POSReady 2009?)
[…] I won't recommend enabling Embedded updates from the get go
I agree!
I didn't know that KB2686509 fixes a Microsoft Security Essentials bug.
I'm trying to replicate this but the manual installer for MSE fails to install no matter what I do. @kirb
(I've heard that Microsoft Office is not intended for being installed or used on Windows Embedded, so why are there some extra updates available only for Office Compatibility Pack on Windows Embedded POSReady 2009?)
Note: To apply this security update, you must have the Office Compatibility Pack Service Pack 3 installed on a computer that is running Windows Embedded POSReady 2009. https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-office-compatibility-pack-service-pack-3-february-12-2019-63dfdb75-484a-e109-ba71-6f6c73e044ce
is this a different compatibility pack or why is it meant for Office 2007 only ? https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft%20Office%20Compatibility%20Pack%20
(I've heard that Microsoft Office is not intended for being installed or used on Windows Embedded, so why are there some extra updates available only for Office Compatibility Pack on Windows Embedded POSReady 2009?)
Note: To apply this security update, you must have the Office Compatibility Pack Service Pack 3 installed on a computer that is running Windows Embedded POSReady 2009. https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-office-compatibility-pack-service-pack-3-february-12-2019-63dfdb75-484a-e109-ba71-6f6c73e044ce
Yes, I know, but it doesn't make sense.
is this a different compatibility pack or why is it meant for Office 2007 only ? https://www.catalog.update.microsoft.com/Search.aspx?q=Microsoft%20Office%20Compatibility%20Pack%20
No, it's not meant for Office 2007, but it's part of it, technically, probably because Office 2007 is the first Office version that contains the new file formats. The compatibility pack is intended to be installed on your computer if you have Office 2000, Office XP and/or Office 2003 installed on your computer . As stated, you have to install all the updates for each Office version before you install the compatibility pack. When you have installed the compatibility pack, have a look in the list of installed programs in the Control Panel and you will see "Compatibility Pack for the Office 2007 system".
This is because the pack makes Office 2000/XP/2003 understand Office 2007 and newer.
The compatibility pack is necessary if you want to use modern Word, Excel or PowerPoint file formats in Office 2000/XP/2003.
The Microsoft update catalogue does only contain several updates for the compatibility pack. The compatibility pack itself has to be downloaded and installed from its download page. Of course I encourage you to change the URL to your own language. You may need to use Ctrl+U, or something similar, to get the .exe URL from the website.
There is also an older compatibility pack, for Office 2000/XP/2003, but that one doesn't affect the possibility to use modern file formats in Office 2000/XP/2003 (read more here).
Also this page might be interesting. Don't forget this download (for Office 2000/XP/2003/2007/2010/2013 – sources: this page and this one)!
The compatibility pack itself has to be downloaded and installed from its download page. Of course I encourage you to change the URL to your own language. You may need to use Ctrl+U, or something similar, to get the .exe URL from the website.
thanks for the tip but the alternative download links don't seem to work so I downloaded the english version from other sources either installers come with the blue legacy icon however the MU Catalog link contains an installer with a .msp extension that didn't serve me well
-compatibilitypacksp3-kb2526297-fullfile-en-us 12.0.6612.1000 -FileFormatConverters 12.0.6500.5000
Also this page might be interesting. Don't forget this download (for Office 2000/XP/2003/2007/2010/2013 – sources: this page and this one)!
oh wait...way too many links here. I have the Office 2003 LIte and would like to keep it for the sake of nostalgia but will likely not use it much as Libre Office is a good alternative aside from Softmaker Office 2016 or Kingsoft Office 2013
I know that Legacy Update doesn't require to manually install a registry files editor but I wonder what method is being used because they both seem to work equally well
I'm sorry, but I'm not really sure about what you're wondering. However, I'm trying to give an answer as well.
A registry files editor is not necessary for LegacyUpdate to work, that is correct.
I don't (technically) know the method that LegacyUpdate is using, but you can see the technical information on this LegacyUpdate GitHub website.
If those registry entries you are mentioning (not in my quote, though) are present in your "normal" Windows XP, this seems to mean that the embedded versions of Windows XP (except POSReady) are not installed or present (which is correct if you are using a "normal" Windows XP with "POSReady" activated or if you, really, are using Windows Embedded POSReady 2009, which can be downloaded officially on this Microsoft website: https://www.microsoft.com/en-gb/download/details.aspx?id=11196).
If you change the registry value in the DWORD "Installed" in [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS] or [HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES] or [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] from 0 to 1, this means that Windows Update or Microsoft Update (nowadays through LegacyUpdate) starts believing that your Windows XP is any of these embedded Windows XP versions. Which one is the appropriate to choose (to get more updates for "normal" Windows XP)? Well, the POSReady version is the one that has the newest updates, as shown in your own comment, and probably the one that is corresponding best to "normal" Windows XP, as to be seen in the Microsoft Update Catalog (https://www.catalog.update.microsoft.com) when compairing the size of the updates for the different versions of Windows XP shown in the catalogue when searching for, for example, "3197835".
The POSReady hack only works on Windows XP 32-bit. Doesn't work at all on x64 version and/or Windows Server 2003.
